Securing the digital fortress has been a security best practice for the past few decades. However, data breaches continue to occur. Often, the impenetrable fortress approach neglects third-party service providers, which extend the data processing ecosystem. A static point-in-time questionnaire during the procurement phase is no longer adequate. Paul Poh explores the techniques used to continuously measure the security posture and maturity of a third-party service provider.
This session is sponsored by SecurityScorecard.
Paul Poh works at SecurityScorecard. Paul has 25 years of technology experience with a focus on information security, infrastructure operations, and software architecture. Previously, Paul led technology strategy and information security at the Investment Services division of Fiserv, where he was responsible for the security and integrity of over 4 million managed brokerage accounts, and held technology management roles at Dow Jones, State Street, and several innovative startups, including a managed security services provider, where he architected and built a proprietary distributed system for managing a custom intrusion-detection appliance. As a member of the Shared Assessments industry group on third-party risk, Paul chaired the Certification committee in the development of the industry’s first certification for third-party risk professionals.
©2016, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org